Validation

PCI DSS provides several compliance validation tools, such as:

On-site Annual Security Audit

A detailed on-site compliance assessment performed by a PCI SSC certified QSA (Qualified Security Assessor) or by a certified ISA (Internal Security Assessor). The audit is a detailed review of an organization’s card data environment that results in a RoC (Report on Compliance) and AoC (Attestation of Compliance).

Self Assessment Questionnaire (SAQ)

A validation tool primarily used by merchants and service providers that are not required to undergo an on-site assessment, for self-evaluating their compliance with the PCI DSS.

External Vulnerability Scan

External network vulnerability scanning, performed quarterly by a PCI SSC Approved Scanning Vendor (ASV), of all Internet-facing system components that are part of or provide a path to the cardholder data environment.